<?PHP
// VERSION: 2009-04-15 r5
//
// SSPORA - Secure Simple Page of Registration of Accounts
// Credits to Sanders (TheMagic), SSPORA Team, Gachl
//
// What makes this tool better than other tools?
// -This tool is secure, it is protected against a lot of xss and bots.
// -Further this tool gathers more informations about your users than every other account creator!
// -The HTML output is w3c ready.
// -It can be run with and without SSL.

/* ####################################################
* # W A R N I N G ! ! ! #
* # ------------------------------------------------ #
* # PLEASE READ THE INSTALLATION INSTRUCTIONS BEFORE #
* # YOU FILL OUT ALL VARIABLES! #
* #####################################################
*/
/* _________________________________________________
< I N S T A L L A T I O N >
* |=================================================|
* | If you activate the information collector this |
* | tool needs a new table to save the informations.|
* | If you want to use this feature just enable it |
* | and fill in the variable "$dbiname" the name of |
* | the database where the table shall be created. |
* | Please make sure that the given database user |
* | has read and writeaccess to that database and |
* | is able to create new tables. |
* | This script will only create one single table |
* | if you activate this feature. |
* | To get this tool running enter below all re- |
* | quired informations. |
* | Thank you for using this tool! |
* |=================================================|
* <_________________________________________________>

/*
* This tool has been tested against following attacks:
* SQL Injection
* HTML Injection
* Code Injection
* Bots
* Spammer
* Remotefileview
* Remoteinclude
*
*/

// ####################################################
// # Webmasters, fill out the following informations: #
// ####################################################

/*
* $backgroundcolor:
* The background color of the webpage (HTML colors)
*
* $textcolor:
* The text color of the webpage (HTML colors)
*
* $warningcolor:
* The color of warnings (HTML colors)
*
* $okaycolor:
* The color of confirmations (HTML colors)
*
* $fontfamily:
* The font family (CSS font-family)
*
* $fontsize:
* The font size (CSS font-size)
*
* $headerimage:
* The HTML-path to a header image. null for none.
*
* $footertext:
* The text on the footer of the page.
*
* $pagetitle:
* The title of the page.
*
* $style:
* Text align. 0 = left, 1 = center
*/
$backgroundcolor = "FFFFFF";
$textcolor = "000000";
$warningcolor = "FF0000";
$okaycolor = "00FF00";
$fontfamily = "verdana";
$fontsize = "12px";
$headerimage = null;
$footertext = "";
$pagetitle = "Account Creation";
$style = 1;

/* The values for the information collector:
0 = forename
1 = surename
2 = born
3 = gender
/* Required informations */
$required = Array(0,3);
/* Not required informations */
$notrequired = Array(1,2);

/*
* $dburl:
* The URL / hostaddress to your database server.
*
* $dbuser:
* The username for the database. It needs read/writeaccess to $dbwname
* and if you enabled the information collector it needs permissions to
* create a new table.
*
* $dbpass:
* The password for the user.
*
* $dbwname:
* The name of your ArcEmu account database.
*
* $dbiname:
* The name of the database where the table for the informations is in.
*
* $enableic:
* Do you want to enable the information collector?
* Valid values: true (enables this feature), false (diables this feature)
*
* $itable:
* The name of the table where the informations shall be stored (this
* table must not exists, the script will create it!
*
* $atable:
* The name of the table in the ArcEmu account database where the accounts are stored in
* Default: accounts
* $usernamefield:
* The name of the database field where the username is stored in.
*
* $emailfield:
* The name of the database field where the email is stored in.
*/
$dburl = "127.0.0.1";
$dbuser = "root";
$dbpass = "ascent";
$dbwname = "logon";
$dbiname = "info";
$enableic = "false";
$itable = "info";
$atable = "accounts";
$usernamefield = "login";
$emailfield = "email";

$table = Array(
/* For compatibility to all versions set the fields of the account table.
* Variables:
* Variable Value Type
* %login% Username Text
* %password% Password Text
* %email% Email Text
* %flags% WOW (0) or TBC (8) Integer
*
* Table field name => Value */
"acct" => 'NULL',
"login" => '"%login%"',
"password" => '"%password%"',
"encrypted_password"=> '""',
"gm" => '""',
"banned" => '0',
"lastlogin" => '"0000-00-00 00:00:00"',
"lastip" => '"0.0.0.0"',
"email" => '"%email%"',
"flags" => '%flags%',
"forceLanguage" => '"enUS"',
"muted" => '0'
);

/* LANGUAGE SETTINGS */
// English
$lang = Array(
"accountexist"=> "This account already exists.",
"confirmmail" => "Confirm E-mail",
"headerimage" => "headerimage",
"welcometext" => "REALMLIST: 76.108.120.147",
"mustfillin" => "",
"wowversion" => "Expansion",
"emailinuse" => "This email address is already in use.",
"pwnomatch" => "The two entered passwords are not the same.",
"confirmpw" => "Confirm Password",
"mailwrong" => "The two entered email addresses do not match.",
"username" => "Account Name",
"password" => "Password",
"forename" => "First Name",
"surename" => "Last Name",
"congrats" => "Congratulations. Your account has been successfully created.",
"invalid" => "The field % contains invalid characters! Allowed: Upper- and lowercase a-z, 0-9, ., - and _",
"submit" => "Submit",
"female" => "Female",
"empty" => "The field % must be filled!",
"email" => "E-mail address",
"born" => "DoB",
"male" => "Male",
"sex" => "Gender",
"cap" => "The verification image was typed incorrectly!"
);

// German (remove the /* and */ to use it)
/*$lang = Array(
"accountexist"=> "Dieser Benutzername existiert bereits.",
"confirmmail" => "EMail best&auml;tigen",
"headerimage" => "titelbild",
"welcometext" => "Willkommen auf unserem World of Warcraft Server. Du kannst dir hier einen Account erstellen.",
"mustfillin" => "* Diese Felder m&uuml;ssen ausgef&uuml;llt werden!",
"wowversion" => "World of Warcraft Version (TBC / kein TBC)",
"emailinuse" => "Diese EMailadresse wird bereits benutzt.",
"pwnomatch" => "Die beiden eingegebenen Passw&ouml;rter sind nicht gleich.",
"confirmpw" => "Passwort best&auml;tigen",
"mailwrong" => "Die zwei eingegebenen EMailadressen stimmen nicht &uuml;berein.",
"username" => "Benutzername",
"password" => "Passwort",
"forename" => "Vorname",
"surename" => "Nachname",
"congrats" => "Gratulation, dein Account wurde erfolgreich erstellt.",
"invalid" => "Das Feld % beinhaltet ung&uuml;ltige Zeichen. Erlaubt: Grosse und kleine a-z, 0-9, ., - und _",
"submit" => "Absenden",
"female" => "Frau",
"empty" => "Das Feld % muss ausgef&uuml;llt werden!",
"email" => "EMailadresse",
"born" => "Geboren",
"male" => "Mann",
"sex" => "Geschlecht",
"cap" => "Die eingegebenen Zeichen sind falsch."
);*/
/*****************************************************\
* Thats all you can set. Now check the values again *
* and if you think they are okay run the script and *
* try it once. *
\*****************************************************/

// ########################################################################
// # DO NOT EDIT BELOW HERE IF YOU DON'T KNOW WHAT EXACTLY YOU ARE DOING! #
// ########################################################################

$currentVersion = 20090415; // DO NEVER CHANGE THAT LINE!!!

// This function creates a random string
function random($count = 14) {
$possible = "0123456789bcdfghjkmnpqrstvwxyz";
$random = "";
for ($i = 0; $i < $count; $i++)
$random .= substr($possible, mt_rand(0, strlen($possible)-1), 1);
return $random;
}

// Check if some of the values in a list equals with another value
function equals($list) {
foreach ($list as $v1) {
foreach ($list as $v2) {
if ($v1 == $v2)
return true;
}
}
return false;
}

// Check if a string contains invalid characters
function containsInvalidCharacters($string) {
$string = preg_match('/[^a-zA-Z0-9.-_]/', $string);
return (intval($string) === 0) ? false : true;
}

function invalid($fieldname) {
global $lang;
return str_replace("%", $fieldname, $lang['invalid']);
}

function emptyfield($fieldname) {
global $lang;
return str_replace("%", $fieldname, $lang['empty']);
}

session_start(); // We need a session here to save the form field names

// Create on of these ... captchas?
if (!empty($_GET['g']) && ($_GET['g'] == "1")) {
$chars = strtolower(random(5));
$_SESSION['imagecode'] = md5($chars);
header("Content-type: image/png");
$im = imagecreatetruecolor(120, 20);
$text1 = imagecolorallocate($im, rand(0, 80), rand(0, 80), rand(0, 80));
$text2 = imagecolorallocate($im, rand(0, 80), rand(0, 80), rand(0, 80));
$text3 = imagecolorallocate($im, rand(0, 80), rand(0, 80), rand(0, 80));
$text4 = imagecolorallocate($im, rand(0, 80), rand(0, 80), rand(0, 80));
$text5 = imagecolorallocate($im, rand(0, 80), rand(0, 80), rand(0, 80));
$rect1 = imagecolorallocate($im, rand(150, 255), rand(150, 255), rand(150, 255));
$rect2 = imagecolorallocate($im, rand(150, 255), rand(150, 255), rand(150, 255));
$rect3 = imagecolorallocate($im, rand(150, 255), rand(150, 255), rand(150, 255));

imagefilledrectangle($im, 0, 0, 120, 20, imagecolorallocate($im, rand(120, 160), rand(120, 160), rand(120, 160)));

imagerectangle($im, rand(0, 90), rand(0, 20), rand(0, 90), rand(0, 20), $rect1);
imagerectangle($im, rand(80, 120), rand(0, 20), rand(80, 120), rand(0, 20), $rect2);
imagerectangle($im, rand(60, 111), rand(0, 20), rand(50, 90), rand(0, 20), $rect3);

imagestring($im, 5, rand(1, 25), 3, $chars[0], $text1);
imagestring($im, 5, rand(30, 50), 3, $chars[1], $text2);
imagestring($im, 5, rand(55, 75), 3, $chars[2], $text3);
imagestring($im, 5, rand(80, 100), 3, $chars[3], $text4);
imagestring($im, 5, rand(105, 112), 3, $chars[4], $text5);

imagepng($im);
imagedestroy($im);

exit();
// Looks stupid.. :D
}

$errors = Array();
$success = false;

// This is for security purpose. If the names of the input fields are not the same every time
// no bot can fill them out and out again.
$fusername = "";
$fpassword = "";
$fconfirmpassword = "";
$femail = "";
$fconfirmemail = "";
$fgametype = "";
$fforename = "";
$fsurename = "";
$fborn = "";
$fgender = "";
$fsubmit = "";

do {
$fusername = random();
$fpassword = random();
$fconfirmpassword = random();
$femail = random();
$fconfirmemail = random();
$fgametype = random();
$fforename = random();
$fsurename = random();
$fdd = random();
$fmm = random();
$fyyyy = random();
$fgender = random();
$fcaptcha = random();
$fsubmit = random();
} while (!equals(Array($fusername, $fpassword, $fconfirmpassword, $femail, $fconfirmemail, $fgametype, $fforename, $fsurename, $fdd, $fmm, $fyyyy, $fgender, $fcaptcha, $fsubmit)));

if (!empty($_SESSION['fsubmit']) && !empty($_POST[$_SESSION['fsubmit']]) && ($_POST[$_SESSION['fsubmit']] === $lang['submit'])) {
// The form seems to be submitted.
$uname = $_SESSION['fusername'];
$pw = $_SESSION['fpassword'];
$cpw = $_SESSION['fconfirmpassword'];
$mail = $_SESSION['femail'];
$cmail = $_SESSION['fconfirmemail'];
$gt = $_SESSION['fgametype'];
$fore = $_SESSION['fforename'];
$sure = $_SESSION['fsurename'];
$dd = $_SESSION['fdd'];
$mm = $_SESSION['fmm'];
$yyyy = $_SESSION['fyyyy'];
$sex = $_SESSION['fgender'];
$cap = $_SESSION['fcaptcha'];
$subm = $_SESSION['fsubmit'];

// Get form values
$uname = trim($_POST[$uname]);
$pw = $_POST[$pw];
$cpw = $_POST[$cpw];
$mail = trim($_POST[$mail]);
$cmail = trim($_POST[$cmail]);
$gt = intval($_POST[$gt]);
$fore = trim($_POST[$fore]);
$sure = trim($_POST[$sure]);
$dd = intval($_POST[$dd]);
$mm = intval($_POST[$mm]);
$yyyy = intval($_POST[$yyyy]);
$sex = intval($_POST[$sex]);
$cap = $_POST[$cap];
$subm = $_POST[$subm];

$attemp = false;

// Check

//Checking for bot or brute
if (!empty($_POST['login']) || !empty($_POST['password']))
die("Fatal hacking attempt. Aborting!");

// Checking all valid fields
if (empty($uname))
$errors[] = emptyfield($lang['username']);

if (containsInvalidCharacters($uname)) {
$errors[] = invalid($lang['username']);
$attemp = true;
}

mysql_connect($dburl, $dbuser, $dbpass) or die(mysql_error() . "<br>\nWebmaster, check the script configuration!");
mysql_select_db($dbwname) or die(mysql_error() . "<br>\nWebmaster, check the script configuration!");

if (!empty($uname) && !$attemp) {
$usercount = mysql_fetch_assoc(mysql_query("SELECT COUNT(*) AS `count` FROM `$atable` WHERE `$usernamefield` = \"$uname\";"));
if (intval($usercount['count']) !== 0)
$errors[] = $lang['accountexist'];
}

if (empty($pw))
$errors[] = emptyfield($lang['password']);

if (empty($cpw))
$errors[] = emptyfield($lang['confirmpw']);

if (empty($mail))

if (empty($cmail))

$attemp = false;

if (!empty($mail)) {
if (strpos($mail, "@") !== false) {
$emailname = substr($mail, 0, strpos($mail, "@"));
$domain = substr($mail, strpos($mail, "@") + 1);
if (containsInvalidCharacters($emailname) || containsInvalidCharacters($domain)) {
$errors[] = invalid($lang['email']);
$attemp = true;
}
} else {
$errors[] = invalid($lang['email']);
}
}



if ($mail != $cmail)
$errors[] = $lang['mailwrong'];


if ($enableic) {
// forename surename born gender
if (in_array(0, $required) || in_array(0, $notrequired)) {
if (in_array(0, $required)) {
if (empty($fore))
$hi[] = emptyfield($lang['forename']);
}
if (containsInvalidCharacters($fore))
$errors[] = invalid($lang['forename']);
}

// surename
if (in_array(1, $required) || in_array(1, $notrequired)) {
if (in_array(1, $required)) {
if (empty($sure))
$errors[] = emptyfield($lang['surename']);
}
if (containsInvalidCharacters($sure))
$errors[] = invalid($lang['surename']);
}

$born = "$yyyy-$mm-$dd";
}

if ($_SESSION['imagecode'] !== md5(trim(strtolower($cap))))
$errors[] = $lang['cap'];
// Submit is checked but more checks are more safety
if (empty($subm) || ($subm != $lang['submit']))
die("Hack attempt!");

// Only continue if everything is okay.
if (count($errors) === 0) {
mysql_select_db($dbwname) or die(mysql_error() . "<br>\nWebmaster, check the script configuration!");

$query = "INSERT INTO `" . $atable . "` (";
$secondq = ") VALUES (";
foreach ($table as $key => $value) {
$find = Array("%login%", "%password%", "%email%", "%flags%");
$replace = Array($uname, $pw, $mail, $gt);
$value = str_replace($find, $replace, $value);
$query .= "`$key`, ";
$secondq .= "$value, ";
}

$query = substr($query, 0, strlen($query) - 2) . substr($secondq, 0, strlen($secondq) - 2) . ");";
mysql_query($query) or die(mysql_error() . "<br>\nWebmaster, check the script configuration (table settings)!");
$acct = mysql_insert_id();
if ($acct < 1)
$errors[] = "FATAL ERROR. Check your database.";
if ($enableic) {
mysql_select_db($dbiname) or die(mysql_error() . "<br>\nWebmaster, check the script configuration (table settings)!");
$tablecheck = mysql_query("SHOW TABLES;");
$tblexists = false;
while ($row = mysql_fetch_assoc($tablecheck)) {
if ($row['Tables_in_' . $dbiname] == $itable) {
$tblexists = true;
break;
}
}

if (!$tblexists) {
mysql_query("CREATE TABLE `$dbiname`.`$itable` (
`id` INT UNSIGNED NOT NULL ,
`forename` VARCHAR( 60 ) NOT NULL ,
`surename` VARCHAR( 60 ) NOT NULL ,
`born` DATE NOT NULL ,
`gender` ENUM( '" . $lang['male'] . "', '" . $lang['female'] . "' ) NOT NULL ,
PRIMARY KEY ( `id` )
);");
}

$efore = (in_array(0, $required) || in_array(0, $notrequired));
$esure = (in_array(1, $required) || in_array(1, $notrequired));
$eborn = (in_array(2, $required) || in_array(2, $notrequired));
$egend = (in_array(3, $required) || in_array(3, $notrequired));

$query = 'INSERT INTO `' . $itable . '` VALUES (' . $acct . ', "' . ($efore ? $fore : "") . '", "' . ($esure ? $sure : "") . '", "' . ($eborn ? $born : "") . '", "' . (empty($sex) ? $lang['male'] : ((intval($sex) == 0) ? $lang['male'] : $lang['female'])) . '");';
mysql_query($query) or die(mysql_error() . "<br>\nWebmaster, check the script configuration (table settings)!");
}
$success = true;
}
}

$_SESSION['fusername'] = $fusername;
$_SESSION['fpassword'] = $fpassword;
$_SESSION['fconfirmpassword'] = $fconfirmpassword;
$_SESSION['femail'] = $femail;
$_SESSION['fconfirmemail'] = $fconfirmemail;
$_SESSION['fgametype'] = $fgametype;
$_SESSION['fforename'] = $fforename;
$_SESSION['fsurename'] = $fsurename;
$_SESSION['fyyyy'] = $fyyyy;
$_SESSION['fmm'] = $fmm;
$_SESSION['fdd'] = $fdd;
$_SESSION['fgender'] = $fgender;
$_SESSION['fcaptcha'] = $fcaptcha;
$_SESSION['fsubmit'] = $fsubmit;

?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title><?= $pagetitle ?></title>
<script type="text/javascript">
<!--
function reloadc() {
var c = this.document.getElementById("captcha");
var now = new Date();
c.src = '?g=1&amp;f=' + now.getTime();
}
-->
</script>
<style type="text/css">
<!--
body {
background-color: #<?= $backgroundcolor ?>;
color: #<?= $textcolor ?>;
font-family: <?= $fontfamily ?>;
font-size: <?= $fontsize ?>;
}

.error {
color: #<?= $warningcolor ?>;
}

.okay {
color: #<?= $okaycolor ?>;
}
-->
</style>
</head>
<body>
<?= ($style == 1) ? "<center>" : "" ?>
<?= (($headerimage != null) && empty($headerimage)) ? '<img src="' . $headerimage . '" alt="' . $lang['headerimage'] . '">' . "\n" : '' ?><br>
<?= $lang['welcometext'] ?><br>
<?PHP foreach ($errors as $error) echo '<span class="error">' . $error . '</span><br>' . "\n"; ?>
<?PHP if ($success) { ?>
<span class="okay"><?= $lang['congrats'] ?></span>
<?PHP } else { ?>
<form action="?" method="POST">
<table>
<tr>
<td><?= $lang['username'] ?></td>
<td><input type="text" name="<?= $fusername ?>"></td>
</tr>
<tr>
<td><?= $lang['password'] ?></td>
<td><input type="password" name="<?= $fpassword ?>"></td>
</tr>
<tr>
<td><?= $lang['confirmpw'] ?></td>
<td><input type="password" name="<?= $fconfirmpassword ?>"></td>
</tr>
<tr>
<td><?= $lang['wowversion'] ?></td>
<td>
<select name="<?= $fgametype ?>">
<option value="24">Wrath of the Lich King</option>
<option value="8">The Burning Crusade</option>
<option value="0">Classic</option>
</select>
</td>
</tr>
<?PHP if ($enableic) { if (in_array(0, $required) || in_array(0, $notrequired)) { ?>
<?PHP } if (in_array(1, $required) || in_array(1, $notrequired)) { ?>
<?PHP } } ?>
<tr>
<td><img src="?g=1" alt="captcha" id="captcha"><a href="javascript:reloadc()"></a></td>
<td><input type="text" name="<?= $fcaptcha ?>"></td>
</tr>
<tr>
<td><input type="submit" name="<?= $fsubmit ?>" value="<?= $lang['submit'] ?>"></td>
<td>&nbsp;</td>
</tr>
</table>
<?= $lang['mustfillin'] ?>
<div style="visibility: hidden;"><input type="text" name="login"><input type="password" name="password"></div>
</form>
<?PHP } ?>
<?= $footertext ?>
<?= ($style == 1) ? "</center>" : "" ?>
</body>
</html>